Tag: Security

New Commit Suggest Face Authentication to be a System Level Part of Android

A new commit in the Android Open Source Project (AOSP) repository suggests that facial authentication is coming to Android as a system level API.  It could mean that from system point of view, Android P could well allow for facial authentication on devices, assuming of course that the hardware to do so is built into the device.

Currently, for manufactures to support facial authentication (like OnePlus for example), they have to build their own app and leverage existing APIs, mostly around the fingerprint authentication.  That works, obviously, but it isn’t as optimized as it could be and it is dependent upon OEMs to build the supporting software & hardware to make it happen.  This commit would more-or-less standardize things for Android.

iOS 11.4 to Bring a Lockdown of Lightening Connection to Charging Only Without Passcodes

It appears that once again Apple is upping device security with the upcoming release of iOS 11.4.  In a new report on Elcomsoft indicates that when the new build of iOS rolls out, it will come with a Lightening Connection lockdown that requires the device to unlocked or the password/fingerprint to be entered every seven days.  The feature is meant to prevent tethering a device to a PC or Mac and brute force cracking the device to gain access.

The feature first appeared in iOS 11.3 but was dropped during the beta testing.  It reappeared in 11.4 and, to this point, has pretty much gone unnoticed until now.  What this means is after 7 days, if the device hasn’t been unlocked either with biometrics or a password, the Lightening connector becomes a charging port only.  No data is transmitted to or from the device by the connected laptop.

Microsoft Authenticator App Gets a UI Update and GDPR Compliance

The 2-factor authentication app from Microsoft, Microsoft Authenticator, has a new update rolling out that brings a slightly refreshed look to the app as well as compliance with the new General Data Protection Regulation (GDPR) directive in the European Union.  The new update is version 6.2.26 for those keeping score at home and it has been released to the Play Store.

As for the new look, it is a slight one compared to the older version of the app.  Now an account is shaded grey if it isn’t setup for identify verification and is only used to access organizational resources.

G Suite Adds Security Key Support for All Customers

Google has announced that physical USB security key support is coming to all version of G Suite over the next few weeks.  Support of security keys, to this point, has been limited to Enterprise level customers.  That is changing as all variants of the service will be gaining support.

Security Keys are a physical USB key that you plug into a device that gives you access to it.  It is perhaps the ultimate in 2-Factor authentication.  Yubico is perhaps the most well known of these types of keys and they are readily available at low cost.

Chrome OS Gets an Optional TPM Security Update That Requires a Powerwash

There is a new, optional security update for Chrome OS that fixes a vulnerability with the Trusted Platform Module (TPM) in the majority of Chromebooks.  To apply the update however, you will need to Powerwash your device.

The vulnerability has to do with hackers potentially being able to brute force the RSA keys generated by your TPM.  This, in theory, could give the the opportunity to plant malicious code on your device or take it over.  For those not familiar, a Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. It essentially makes sure that the hardware and software on your device are secure and encrypted and what has access to the keys generated by it.  Thus, you see the problem.  If the TPM gets compromised, it can lead to a lot of issues for end users.

Chrome OS Build 63 Protected Against the Intel CPU Vulnerability

It has been a frantic week for Apple, Google and Microsoft as they have tried to deal with a serious CPU vulnerability in modern processors from Intel, ARM and AMD.  The security issue, which could allow for system memory to be read which could give access to passwords and other sensitive information.   The significance of this issue is that it requires an OS level update to fix.

For Google and Chrome OS, the fix is already out.  The Chrome 63 train for Chrome OS was released on December 15th and part of that update was fixing this issue.  The issue does not impact Chrome OS devices running ARM processors.  This is good news as it means a wide swatch of Chromebooks are already protected.

Twitter Now Supporting Third Party Two Factor Authentication Apps

Twitter has finally begun allowing users to use 3rd party two factor authentication apps to verify their identity.  The new feature is rolling out to users accounts online and you can now select the default SMS authentication or a 3rd party authentication tool.

In April, the social micro blogging site rolled out SMS authentication that allowed users to have an authentication code texted to them when they were logging into their account.  That is still enabled by default but you now have the option to use a 3rd party app like Google Authenticator to verify your identity.   The feature requires that you log into your Twitter account online, then go to Settings & Privacy in your account settings.  There you can setup an authentication app.

Unlocked Galaxy Note 4 Getting The May 2017 Security Update

Samsung has begun rolling out the May 2017 Android Security update for the venerable Galaxy Note 4 and Note 4 Edge.  The update doesn’t contain any new features for the 2014 devices but will bring them up to the latest security patch for those still using it.  Both phones are running Android Marshmallow and it is highly unlikely they will ever see Nougat despite their extended support after the Note7 debacle.

The update weighs in at 345MB and it is recommended that you download the OTA update via Wi-Fi.  Once you have it downloaded, the install process will take about 10 minutes to complete and will require a reboot of the device.

%d bloggers like this: